Monitoring Splunk

Splunk monitoring console unable to gather Resource usage information

PeraltaRH
Explorer

Hello,

I have a problem with my distributed environment where some of my instances appear greyed out under CPU and memory utilization. If I open the specific instance panels I see the red icon with the errors below. 

This is very strange because it affects the indexers only. The only difference with them is that the web service is disabled a per Splunk best practices.

I tried with splunk support by opening a case but we couldn't find the solution yet.

 

Splunk Version: 8.0.3 (indexers), 8.0.5 (everything else)--- Is this a problem? 

[subsearch][servername]Failed to fetch REST endpoint uri=https://127.0.0.1:8089/services/server/info?count=0&strict=false from server https://127.0.0.1:8089. Check that the URI path provided exists in the REST API.

[subsearch][servername]Unexpected status for to fetch REST endpoint uri=https://127.0.0.1:8089/services/server/info?count=0&strict=false from server=https://127.0.0.1:8089 - Bad Request

 

--- MORE INFO ---

If I run the command manually like:

https://10.10.10.1:8089/services/server/status/resource-usage/hostwide
I get the output in my browser.

 

I read this post: https://community.splunk.com/t5/Getting-Data-In/Splunk-Management-Console-Error-subsearch-Rest-Proce... 

It talks about the indexer role, my Cluster Master is also "SHC Deployer" (Search Head Cluster Deployer), would this be the role I have to move? Its not an Indexer, I have 6 dedicated indexers and 5 dedicated search heads.

Labels (2)
0 Karma
1 Solution

PeraltaRH
Explorer

The problem seems to be with the versions compatibility.

A bit absurd that a new MC version is not retro-compatible, not even a mayor upgrade 8.0.3 vs 8.0.5.1.

 

If anyone gets this problem, its because the new version sends "strict=false" and the old version does not like it. You cant even set the MC to not send this option.... quite disappointing. 

View solution in original post

0 Karma

PeraltaRH
Explorer

The problem seems to be with the versions compatibility.

A bit absurd that a new MC version is not retro-compatible, not even a mayor upgrade 8.0.3 vs 8.0.5.1.

 

If anyone gets this problem, its because the new version sends "strict=false" and the old version does not like it. You cant even set the MC to not send this option.... quite disappointing. 

0 Karma
Get Updates on the Splunk Community!

What's New in Splunk Enterprise 9.4: Features to Power Your Digital Resilience

Hey Splunky People! We are excited to share the latest updates in Splunk Enterprise 9.4. In this release we ...

Take Your Breath Away with Splunk Risk-Based Alerting (RBA)

WATCH NOW!The Splunk Guide to Risk-Based Alerting is here to empower your SOC like never before. Join Haylee ...

SignalFlow: What? Why? How?

What is SignalFlow? Splunk Observability Cloud’s analytics engine, SignalFlow, opens up a world of in-depth ...